96% of Organizations Experienced a Serious Security Incident in the Past Year

96% of organizations experienced a significant IT security incident in the past year

Security events have gone from pervasive to near-ubiquitous: The ForeScout Technologies 2014 Cyber Defence Maturity Report shows that 96% of organizations experienced a significant IT security incident in the past year.

On aggregate, one in six had five or more significant security incidents in the past 12 months, and 39% had two or more incidents. Significant compliance policy violations that consumed a large amount of time to recover from occurred an average of 2.6 times in the last 12 months on aggregate across the three regions studied, with more in the US than in the UK and DACH countries.

The most frequently cited security issues were from malware and advanced threats, application and wireless security, network resource access, unsanctioned application and personal mobile device use, and data leakage – as well as phishing, compliance policy violations and unauthorized data access.

Manufacturing, education and finance sectors, in general, appear more prone to phishing attacks, while the healthcare sector was more likely to experience higher-than-average compliance policy violations. An exception is the manufacturing vertical in the UK, where unsanctioned application and device use, compliance policy violations and zero-day malware showed more incidents.

Healthcare, meanwhile, was more concerned about data leakage monitoring issues compared to manufacturing, education, retail and finance. Stacked against other verticals in the UK and/or security concerns, data leakage monitoring is by far the most important issue to healthcare.

In the DACH region, unsanctioned device and application use and system breaches appear more problematic. Financial institutions were subject to more incidents caused by phishing attacks, compliance policy violations, unsanctioned application use and data leakage, and overall found problem remediation more challenging compared to other sectors.

The need to improve security management is evidenced by the growing number of industry and regulatory compliance frameworks specifying security measures and how sensitive information is protected both on and off-premise, the firm said. Network complexity, exposure diversity and threat velocity are challenging security operations. But organizations don’t know where they stand and where they are going without a baseline.

So, it’s unsurprising that the research also found that a majority of IT organizations are aware that some of their security measures are immature or ineffective, but only 33% have high confidence that they will improve their less mature security controls. In fact, increasing operational complexity and threat landscape have affected security capacity as more than 43% perceive prevention, identification, diagnosis and remediation as more challenging than two years ago.

Control practices indicated as relatively immature were personal mobile device usage, perimeter threats, inventory management and endpoint compliance, virtualization security, rogue device and application security. However, only 54% of respondents said they were somewhat confident in the likelihood of improvement over the next 12 months.

A majority (61%) cited low to no confidence on network device intelligence, maintaining configuration standards and defenses on devices, and ensuring virtual machine and remote devices adhere to policy.

The top five security technologies perceived to have the greatest interoperability value were firewalls, anti-malware, network access control (NAC), mobile device management (MDM), and advanced threat detection (ATD).
